<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<?php 
	if( !isset($_COOKIE["username"]) ){
		echo "<script>window.location.href='login.php'</script>";
	}else{
		setcookie("username", $_COOKIE["username"],time() + 900);
	}
?>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Profile Operate</title>
<link href="css/template.css" rel="stylesheet" type="text/css" />
<link href="css/test/ProfileOperate.css" rel="stylesheet" type="text/css" />
<script src="js/droplinemenu.js" type="text/javascript"></script>
<script type="text/javascript" src="js/jquery.min.js"></script>
<script type="text/javascript">
//build menu with DIV ID="myslidemenu" on page:
droplinemenu.buildmenu("nav")
</script>

<link href="css/ui-lightness/jquery-ui-1.9.2.custom.css" rel="stylesheet">
<script src="js/jquery-1.8.3.js"></script>
<script src="js/jquery-ui-1.9.2.custom.js"></script>

<script>


	function submitPassword(){
		document.getElementById("newError").innerHTML = "";
		document.getElementById("confirmError").innerHTML = "";
		document.getElementById("oldError").innerHTML = "";
		
		
		var oldPasswordObject = document.getElementById("oldPassword");
		var oldPassword = oldPasswordObject.value;
		var newPasswordObject = document.getElementById("newPassword");
		var newPassword = newPasswordObject.value;
		var confirmPasswordObject = document.getElementById("confirmPassword");
		var confirmPassword = confirmPasswordObject.value;

		if( oldPassword == "" ){
			oldPasswordObject.focus();
			document.getElementById("oldError").innerHTML = "old password cann't be empty!!!";
			return;
		}

		if( newPassword == "" ){
			newPasswordObject.focus();
			document.getElementById("newError").innerHTML = "new password cann't be empty!!!";
			return;
		}

		if( confirmPassword == "" ){
			confirmPasswordObject.focus();
			document.getElementById("confirmError").innerHTML = "confirm password cann't be empty!!!";
			return;
		}

		if( newPassword == oldPassword ){
			newPasswordObject.focus();
			document.getElementById("newError").innerHTML = "new password and old password are the same!!!";
			return;
		}

		if( newPassword != confirmPassword ){
			confirmPasswordObject.focus();
			document.getElementById("confirmError").innerHTML = "new password not equal confirm password!!";
			return;
		}


		var form = document.getElementById("passwordForm");
		form.submit();
	}

	function resetInfo(){
		document.getElementById("newError").innerHTML = "";
		document.getElementById("confirmError").innerHTML = "";
		document.getElementById("oldError").innerHTML = "";
		document.getElementById("oldPassword").value = "";
		document.getElementById("newPassword").value = "";
		document.getElementById("confirmPassword").value = "";
	}


	function printResultInfo(msg){
		alert(msg);
	}
</script>
</head>

<body>
	<div id="container">
		<div id="header"></div>
		<?php include_once 'nav.php';?>
		<div id="main_content">
			<div id="title" style="text-align:center"><h2>Change Passwrod</h2></div>
			<form action="profile_operate.php" method="post" id="passwordForm">
				<div style="margin:10px auto;width:800px;position:relative;left:70px;">
					<table style="width:780px;">
						<tr>
							<td style="width:33%;text-align:right;"><label>Old Password:</label></td>
							<td><input type="password" name="oldPassword" id="oldPassword" value="<?php if( isset($_POST["oldPassword"] )){echo $_POST["oldPassword"];}?>"/></td>
							<td><label id="oldError"></label></td>
						</tr>
						<tr>
							<td style="text-align:right;width:33%;"><label>New Password:</label></td>
							<td><input type="password" name="newPassword" id="newPassword" value="<?php if( isset($_POST["newPassword"] )){echo $_POST["newPassword"];}?>"/></td>
							<td><label id="newError"></label></td>
						</tr>
						<tr>
							<td style="text-align:right;width:33%;"><label>Confirm Password:</label></td>
							<td><input type="password" name="confirmPassword" id="confirmPassword" value="<?php if( isset($_POST["confirmPassword"] )){echo $_POST["confirmPassword"];}?>"/></td>
							<td><label id="confirmError"></label></td>
						</tr>
					</table>
				</div>
				<div id="operateDiv" style="text-align:center">
					<input type="button" value="submit" onclick="submitPassword()"/>
					<input type="button" value="reset" onclick="resetInfo();"/>
				</div>
			</form>
			
		</div>
		<?php 
			if( isset($_POST["oldPassword"]) && isset($_POST["newPassword"]) && isset($_POST["confirmPassword"])){
				$ini_array = parse_ini_file("config/config.ini");
				
				$conn = @mysqli_connect($ini_array["host"], $ini_array["username"], $ini_array["password"], $ini_array["db_name"]) or die("cann't connect the mysql db");
				mysqli_set_charset($conn, "utf8");
				ini_set('default_charset', "UTF-8");
				$oldPassword = mysqli_real_escape_string($conn,$_POST["oldPassword"]);
				$newPassword = mysqli_real_escape_string($conn,$_POST["newPassword"]);
				$confirmPassword = mysqli_real_escape_string($conn,$_POST["confirmPassword"]);
				
				$username = $_COOKIE["username"];
				
				$isRightSql = "select count(*) count from user where username='".$username."' and password='".md5($oldPassword)."'";
				$isRightResult = mysqli_query($conn, $isRightSql);
				$row = mysqli_fetch_array($isRightResult);
				$count = $row["count"];
				if( $count > 0 ){
					$updatePasswordSql = "update user set password='".md5($newPassword)."' where username='".$username."'";
					$result = mysqli_query($conn,$updatePasswordSql);
					if( $result ){
						echo "<script>printResultInfo('change password success');resetInfo()</script>";
					}else{
						echo "<script>printResultInfo('change password fail!!!".mysqli_error()."')</script>"; 
					}
				}else{
					echo "<script>printResultInfo('old password not right !!!')</script>";
				}
					
				
			}
		?>
		<?php include_once 'footer.php';?>
	</div>
</body>
</html>
